US government hack highlights need for startups to develop SIEM and IDS solutions

Sam Shead |
June 10, 2015

A member of the Senate Intelligence Committee said the hack, which saw almost four million records stolen, is thought to have originated in China.

A major hack on the US government has highlighted the need for fresh thinking in two particular types of security systems - security information and event management (SIEM) systems and intrusion detection systems (IDS).

The breach saw almost four million sensitive records leaked by what US government officials initially claimed was China.

The hack led leading cyber security expert William Buchanan, a professor at Napier University, to write a blog post on LinkedIn, where he explains the need for enterprises and governments to adopt increasingly sophisticated SIEM and IDS solutions.

IDS technologies fire events on possible security breaches that are then collected, logged and analysed, while SEIM technologies enable organisations to create a dashboard that they can use to manage the events that are coming in, in real-time and historically. Typical SIEM packages include HP ArcSight, IBM QRadar and Splunk.

"The need for SIEM and IDS increases by the day, and risk around data loss detection and prevention (DLP) also increase," he wrote. "Companies need to invest in developing SIEM infrastructures, and look to employ analysts to analyse these on a continual basis.

"Data is the life blood of most organisations, and probably one of its important assets, along with hold information on behalf of others. The Sony hack highlighted how embarrassing it is to leak information, and now the contents of sensitive emails now are searchable in Wikileaks."

Startups should also focus on developing identity management software, as this is another area that is not currently meeting today's requirements

One UK startup already developing security technologies across these fields is Darktrace in Cambridge, which is backed by Autonomy founder Mike Lynch.

Dave Palmer, CTO at Darktrace, said: "As the Office of Personnel Management [the government department that was hacked] and other parts of the government look to beef up their security, they need to radically rethink their strategy and build in an 'immune system' style of continuous monitoring, which helps them see the first signs of compromise within their networks and can adapt to its changing environment.

"It is critical that they lead the world in their departure from the status quo, using new advanced technology, as well as people, to improve their self-awareness of what is happening inside their own system and spotting suspicious activity, while there is still time to change the outcome."